Microsoft introduces preview of Azure Managed Confidential Consortium Framework
Published Wednesday, October 12, 2022
Microsoft has been a pioneer in bringing new confidential computing technology to market. As we have been talking to customers, we have identified customer challenges with scenarios that require a combination of multi-party governance, integrity protection, and programmable confidentiality, even in the face of datacenter or host operator compromise.
To address these challenges efficiently, Microsoft Research built the Confidential Consortium Framework (CCF), an open-source framework leveraging the isolation and attestation capabilities of Trusted Execution Environments like those provided by Azure confidential computing.
The framework design decouples node provisioning and operation from network and application governance, making it possible for the solution provider to maintain the set of nodes executing the transactions, without having any access to their contents. Network governance on the other hand, for example, deciding what code to execute, is entirely driven by a consortium, is rule-based, and is programmable and auditable to all participants through an immutable verifiable history. In addition, the immutable history is produced by and resides on the network to support non-repudiation and transparency of participant transactions, through the emission of offline-verifiable receipts.
Furthermore, customers interested in the Confidential Consortium Framework have asked for help managing the infrastructure of the secure and trusted network on a trusted cloud provider. The new preview of Azure Managed Confidential Consortium Framework (i.e. Azure Managed CCF) streamlines the experience of hosting the framework in a managed environment within Azure through its entire lifecycle. Developers can continue to build and host their CCF aware applications in Javascript/TypeScript on the framework, create consortiums with multiple parties to vote on proposals, and be able to utilize programmable confidentiality in the application, while the Azure Managed CCF service will address aspects such as regional instantiation, code upgrades and disaster recovery.
Examples that customers have shared with us where an Azure managed service can be useful include:
- A consortium of banks wanting to share reference data about securities to understand if they are within market consensus. To form an accurate market view, the individual data points must come from authenticated participants without revealing the contents of the submissions and on aggregating correctly.
- A payment provider can run payment data through regulator-provided fraud-detection algorithms, which can flag a transaction but not reveal personal data. Then, an independent authority can audit and confirm the accuracy of the fraud detection algorithm for flagged payments while protecting user privacy.
- One or more software publishers can submit their Software Bill of Materials (SBOMs) to a service that provides receipts that guarantee their provenance, total ordering, immutability and compliance with registration policies. The end users benefit from transparency over the published software by checking offline-verifiable receipts without needing access to the service.
To express your interest in the preview, please complete the sign-up form.
Resources:
- Learn more about the open-source framework on the new CCF website.
- Read about the evolution of Confidential Consortium Framework and its products via this blog.
